Privacy Notice
Last updated: 28 June 2026
1. Who we are
This notice describes how Chef AI ("we", "us") collects and uses personal data when you use our website and app (the "Service"). Chef AI is the data controller for the personal data described here.
Contact: hello@chef.ai.
2. What we collect and why
| Category | Purpose | Legal basis |
|---|---|---|
| Email & sign-in credentials | Create and secure your account | Contract |
| Prompts you submit | Generate recipes | Contract |
| Photos you upload (fridge scans) | Identify ingredients and suggest dishes. Processed transiently — we do not retain the image once the response is returned. | Contract |
| Usage events (recipes/scans count, timestamps) | Enforce free-tier limits and improve the Service | Contract / legitimate interests |
| Subscription status (plan, period, customer ID) | Provision Pro features and manage billing | Contract |
| Technical data (IP address, browser, device, log data) | Security, fraud prevention, debugging | Legitimate interests |
| Support messages | Respond to your queries | Contract / legitimate interests |
Payment card details are collected directly by Paddle and are never seen or stored by us.
3. Who we share data with
- Paddle.com Inc. — our Merchant of Record. Paddle handles payments, subscription management, invoicing, and tax compliance for all our orders. See Paddle's Privacy Policy.
- Hosting and backend — Lovable (Cloudflare + Supabase) hosts the app, database, and authentication.
- AI model provider — Google (Gemini) processes the prompts and images you submit to generate responses, via the Lovable AI Gateway.
- Professional advisers — lawyers, accountants where reasonably necessary.
- Authorities — where required by law, court order, or to protect our rights.
4. International transfers
Some of our providers are based outside the UK/EEA (including the United States). Where we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses and adequacy decisions where available.
5. Retention
We keep your account and subscription data for as long as your account is active and for a reasonable period after closure to comply with legal, tax, and accounting obligations (typically up to 6 years for billing records). Usage events older than 90 days may be deleted or aggregated. Fridge photos are not retained after processing.
6. Your rights
Subject to local law, you have the right to access, rectify, erase, restrict, or port your personal data; object to certain processing; and withdraw consent where processing is based on consent. UK/EEA users can complain to their supervisory authority (in the UK, the ICO at ico.org.uk). To exercise any right, email hello@chef.ai — we'll respond within one month.
7. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), encrypted storage, access controls, and the principle of least privilege.
8. Cookies
We use a small number of essential cookies and equivalent local storage to keep you signed in and remember your preferences. We do not currently use marketing or third-party advertising cookies. The Paddle checkout sets its own cookies for the payment flow.
9. Changes
If we make material changes to this notice we will post the updated version here and update the "Last updated" date.